
AnyConnect 3.0, SBL and Certificate

Hi,

I'm losing hope of finding a way to configure SBL on Windows XP 32-bit; I haven't tried on 7. When I start the PC, the AnyConnect screen appears and gives an error that it couldn't find the certificate. When I log on to Windows, AnyConnect connects normally. In IE, I can get into the ASA 5540 AnyConnect Web Deployment with my certificate.

A part of XML:

<UseStartBeforeLogon UserControllable="true">true</UseStartBeforeLogon>
<AutomaticCertSelection UserControllable="false">true</AutomaticCertSelection>
<ShowPreConnectMessage>false</ShowPreConnectMessage>
<CertificateStore>All</CertificateStore>
<CertificateStoreOverride>true</CertificateStoreOverride>
<AutoConnectOnStart UserControllable="false">true</AutoConnectOnStart>
<MinimizeOnConnect UserControllable="false">true</MinimizeOnConnect>
<LocalLanAccess UserControllable="false">true</LocalLanAccess>
<WindowsLogonEnforcement>SingleLocalLogon</WindowsLogonEnforcement>
<WindowsVPNEstablishment>AllowRemoteUsers</WindowsVPNEstablishment>
<AlwaysOn>true
  <ConnectFailurePolicy>Open
    <AllowCaptivePortalRemediation>false
      <CaptivePortalRemediationTimeout>5</CaptivePortalRemediationTimeout>
    </AllowCaptivePortalRemediation>
    <ApplyLastVPNLocalResourceRules>false</ApplyLastVPNLocalResourceRules>
  </ConnectFailurePolicy>
  <AllowVPNDisconnect>true</AllowVPNDisconnect>
</AlwaysOn>

The certificate was generated by Windows Server and is stored in the User store.

Thanks for efforts.


I forgot to say, I'm on the latest version of ASA 5540 8.4(4) and AnyConnect 3.0.08057.

Did SBL ever work in your environment? 

AndreasSchiffer
Level 1

Hi,

You have to install the certificate into the local machine certificate store, otherwise AC isn't able to use it before the user has logged in.

In our environment SBL works well with Windows XP/7 and cert auth!

Sent from Cisco Technical Support iPhone App

motomjp-ybb
Level 1

Hi,

Don't copy & paste the certificate.

Import the certificate into the local machine certificate store.

http://support.microsoft.com/kb/939616/en-us
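
Both replies point at the certificate sitting in the user store instead of the local machine store. The following check is an added example, not part of the thread or Cisco's tooling: it lists client-authentication certificates that exist only in the current user's store. The function name `Test-SblUsable` is hypothetical, and the script assumes Windows PowerShell with the built-in `Cert:` drive.

```powershell
# Added example: find client certificates that are in the user store but
# missing from the machine store, which is where the replies above say
# the certificate must be for Start Before Logon.

$ClientAuthOid = '1.3.6.1.5.5.7.3.2'   # id-kp-clientAuth (Client Authentication EKU)

function Test-SblUsable {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)

    # A certificate without its private key cannot authenticate the client.
    if (-not $Cert.HasPrivateKey) { return $false }

    # Skip certificates outside their validity period.
    $now = Get-Date
    if ($Cert.NotBefore -gt $now -or $Cert.NotAfter -lt $now) { return $false }

    # No EKU extension means the certificate is not restricted to a purpose.
    $eku = @($Cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    })
    if ($eku.Count -eq 0) { return $true }

    foreach ($oid in $eku[0].EnhancedKeyUsages) {
        if ($oid.Value -eq $ClientAuthOid) { return $true }
    }
    return $false
}

$machine = @(Get-ChildItem Cert:\LocalMachine\My | Where-Object { Test-SblUsable $_ })
$user    = @(Get-ChildItem Cert:\CurrentUser\My  | Where-Object { Test-SblUsable $_ })

$machineThumbs = @($machine | ForEach-Object { $_.Thumbprint })

foreach ($c in $user) {
    if ($machineThumbs -notcontains $c.Thumbprint) {
        "User store only: {0}  {1}" -f $c.Thumbprint, $c.Subject
    }
}

if ($machine.Count -eq 0) {
    "No usable client certificate found in Cert:\LocalMachine\My"
} else {
    $machine | ForEach-Object { "Machine store: {0}  {1}" -f $_.Thumbprint, $_.Subject }
}
```

Run it while logged on as the affected user; a certificate reported as "User store only" matches the situation described in the original post.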
